CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added yesterday•7 views

CVE-2026-53277

The CVE-2026-53277 issue affects the Linux kernel KVM arm64 path. walk_s1() and kvm_walk_nested_s2() are expected to run with kvm->srcu held to guard memslot changes, but __kvm_at_s12() and __kvm_find_s1_desc_level() invoke these walkers without acquiring SRCU. The fix adds acquiring kvm->s...

5.7AI score0.00174EPSS

Debian CVE•added yesterday•3 views

CVE-2026-53277

5.6AI score0.00174EPSS

Exploits0

EUVD•added yesterday•5 views

EUVD-2026-39221

In the Linux kernel, the following vulnerability has been resolved: ipvs: clear the svc scheduler ptr early on edit ipvseditservice while unbinding the old scheduler clears the svc-scheduler ptr after the scheduler module initiates RCU callbacks. This can cause packets to use the old scheduler at...

CVE-2026-53270

CVE-2026-53270 in the Linux kernel's IPVS path is resolved by clearing the svc->scheduler pointer early during unbind and edit operations. Specifically, in ip_vs_unbind_scheduler(), the scheduler pointer is cleared before the done_service method schedules any RCU callbacks, preventing packets ...

CVE-2026-53264

CVE-2026-53264 (Linux kernel net/sched: act_api) describes a race between NEWTFILTER and DELFILTER that could cause use-after-free when freeing an action. The root cause is timing around IDR removal and immediate kfree(p) without deferral. The documented fix defers final kfree() via RCU, adding a...

EUVD•added yesterday•4 views

EUVD-2026-39215

In the Linux kernel, the following vulnerability has been resolved: net/sched: actapi: use RCU with deferred freeing for action lifecycle When NEWTFILTER and DELFILTER are run concurrently it is possible to create a race with an associated action. Let's illustrate with CPU0 running NEWTFILTER and...

Debian CVE•added yesterday•3 views

CVE-2026-53264

5.7AI score0.00172EPSS

Exploits0

CVE-2026-53259

CVE-2026-53259 describes a Linux kernel slab-use-after-free in ipv6_acaddr handling. The bug occurs in the ipv6 anycast path where an aca (ipv6_acaddr) is published to idev->ac_list under idev->lock but inserted into the global inet6_acaddr_lst hash after unlock, allowing a concurrent teard...

5.7AI score0.00161EPSS

EUVD•added yesterday•5 views

EUVD-2026-39203

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in error path of hciallocdev Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory. When device initialization fails before hciregisterdev completes, the HCIUNREGISTER flag is never...

5.7AI score0.00189EPSS

Exploits0References7

EUVD•added yesterday•3 views

CVE-2026-53247

CVE-2026-53247 affects the Linux kernel’s MTK Ethernet subsystem (net: ethernet: mtk_eth_soc). The vulnerability arises in the RX path when using non-refcounted pointers to a metadata_dst; mtk_free_dev() frees the metadata_dst with kfree(), bypassing the RCU grace period, creating a potential use...

5.7AI score0.00184EPSS

Exploits0References5

EUVD-2026-39248

In the Linux kernel, the following vulnerability has been resolved: net: phonet: free phonetdevice after RCU grace period phonetdevicedestroy removes a phonetdevice from the per-net device list with listdelrcu, but frees it immediately. RCU readers walking the same list can still hold a pointer t...

5.7AI score0.00173EPSS

CVE-2026-53157

Summary of CVE-2026-53157 (Linux kernel, phonet): The vulnerability occurs in the phonet device teardown where phonet_device_destroy() removes the device from the per-net list with list_del_rcu(), but frees it immediately instead of after the RCU grace period. This allows RCU readers traversing t...

5.7AI score0.00173EPSS

EUVD•added 2 days ago•4 views

EUVD-2026-38815

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix refcount saturation and potential UAF in qrtrportremove In qrtrportremove, the socket reference count is decremented via sockput before the port is removed from the qrtrports XArray and before the RCU grace period...

5.7AI score0.00184EPSS

Exploits0References9

EUVD•added 2 days ago•4 views

EUVD-2026-38996

In the Linux kernel, the following vulnerability has been resolved: drbd: Balance RCU calls in drbdadmdumpdevices Make drbdadmdumpdevices call rcureadlock before rcureadunlock is called. This has been detected by the Clang thread-safety analyzer...

5.7AI score0.0018EPSS

EUVD•added 2 days ago•5 views

EUVD-2026-38974

In the Linux kernel, the following vulnerability has been resolved: bpf: Do not allow deleting local storage in NMI Currently, local storage may deadlock when deferring freeing selem or local storage through kfreercu, callrcu or callrcutaskstrace in NMI or reentrant. Since deleting selem in NMI i...

5.8AI score0.00145EPSS

Exploits0References2

CVE•added 2 days ago•9 views

CVE-2026-53106

CVE-2026-53106 affects the Linux kernel BPF storage deletion flow. The issue arises when local storage is freed via kfree_rcu(), call_rcu(), or call_rcu_tasks_trace() in NMI or reentrant contexts, which can lead to a deadlock. The documented mitigation in NMI is to return an error from bpf_xxx_st...

5.8AI score0.00145EPSS

Exploits0References2

CVE•added 2 days ago•4 views

CVE-2026-53011

The CVE-2026-53011 issue affects the Linux kernel net/sched taprio code. When advance_sched() schedules a change and should_change_schedules() returns true, switch_schedules() promotes the admin schedule to oper and queues the old oper schedule for RCU freeing. The problem is that after the switc...

5.7AI score0.00176EPSS

CVE•added 2 days ago•5 views

CVE-2026-52946

The CVE-2026-52946 entry concerns the Linux kernel and describes a SOFTIRQ-unsafe lock order deadlock in the fasync signaling path (send_sigio and send_sigurg) when FASYNC is enabled for a process group. The concrete remediation is to replace the use of tasklist_lock with rcu_read_lock() to trave...

5.8AI score0.00184EPSS